Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• A former executive at the Ohio County Public Schools Federal
Credit Union in Wheeling, West Virginia, was charged October 20 for allegedly
embezzling over $156,000 from the credit union between 2013 and 2016. – U.S.
Attorney’s Office, Northern District of West Virginia See item 3
below in the Financial Services Sector

• Officials in Burleson, Texas, reported that blockage of a
12-inch wastewater collection line caused roughly 50,000 gallons of wastewater
to spill in the North Creek area October 19. – Burleson Star

10. October 20, Burleson
Star – (Texas) Line blockage caused 50,000 gallon wastewater spill. Officials
in Burleson, Texas, reported that blockage of a 12-inch wastewater collection
line reportedly caused approximately 50,000 gallons of wastewater to spill in
the North Creek area October 19. Officials stated the public water supply was
not affected by the spill.

• Weebly confirmed that hackers stole the account information of
over 43 million users, including usernames, Internet Protocol (IP) addresses,
and password hashes after breaching the company’s systems in February 2016. – SecurityWeek
See item 15 below in the Information Technology Sector

Financial Services Sector

2. October 20, U.S.
Attorney’s Office, Northern District of Texas – (International) Federal
jury convicts woman in Stolen Identity Refund scheme - some stolen identities
belonged to incarcerated individuals. A Dallas woman was convicted October
20 for her participation in a Stolen Identity Refund Fraud scheme where she and
co-conspirators filed fraudulent tax returns using the stolen identities of
incarcerated individuals and others, and used shell company bank accounts to
transfer the tax refunds from debit and Green Dot cards into cash and cashier’s
checks, which the group used to buy nearly $1.2 million worth of used cars that
they subsequently shipped to Nigeria from May 2012 – May 2014. Source: https://www.justice.gov/usao-ndtx/pr/federal-jury-convicts-woman-stolen-identity-refund-scheme-some-stolen-identities

3. October 20, U.S.
Attorney’s Office, Northern District of West Virginia – (West Virginia) Former
director of Ohio County Schools Credit Union charged with embezzlement. The
former executive director of the Ohio County Public Schools Federal Credit
Union in Wheeling, West Virginia, was charged October 20 for allegedly
embezzling over $156,000 from the credit union between June 2013 and March 2016
after an employee detected the scheme in March during a routine credit union
account reconciliation. The charges allege that the defendant used the stolen profits
to cover personal debts. Source: https://www.justice.gov/usao-ndwv/pr/former-director-ohio-county-schools-credit-union-charged-embezzlement

Information Technology Sector

15. October 21,
SecurityWeek – (International) Weebly breach affects over 43 million
users. Weebly, a San Francisco-based Web hosting service, confirmed that
hackers stole the account information of over 43 million users, including
usernames, Internet Protocol (IP) addresses, and password hashes after
breaching the company’s systems in February 2016. The company advised its user
to reset their passwords and the cause of the breach remains under
investigation. Source: http://www.securityweek.com/weebly-breach-affects-over-43-million-users

16. October 20, Softpedia
– (International) Linux kernel zero-day CVE-2016-5195 patched after
being deployed in live attacks. The Linux kernel team patched a zero-day
security flaw named Dirty COW, as it is caused by a race condition in the way
Linux kernel’s memory handles copy-on-write (COW) breakage of read-only memory
mappings, which could allow an attacker to escalate their privileges,
potentially to root level, on a targeted system. A security researcher notified
Red Hat of attackers deploying an exploit that leverages this vulnerability in
the wild. Source: http://news.softpedia.com/news/linux-kernel-zero-day-cve-2016-5195-patched-after-being-deployed-in-live-attacks-509494.shtml

17. October 20, Help Net
Security – (International) Cisco plugs critical bug in ASA security
devices. Cisco patched a critical vulnerability affecting the Identity
Firewall feature of its Cisco Adaptive Security Appliance (ASA) Software, which
could allow a remote attacker to take control of the system, cause a reload,
and execute arbitrary code by sending a specially crafted NetBIOS packet in
response to a NetBIOS probe sent by the software. Cisco reported the
vulnerability is caused by a buffer overflow in the affected area code. Source: https://www.helpnetsecurity.com/2016/10/20/bug-asa-security-devices/

Links

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"